EU to Investigate Passport Privacy Concerns 102
mvdwege writes: "Well, it appears that the old fight between the US and the EU over privacy regulations is about to enter a second round. In response to a letter by a Member of the European Parliament, the Commission has stated that it will start investigating Microsofts possible breach of the EU privacy regulations. The Register has a nice summary."
Obligatory collection of information on users by M (Score:4, Informative)
1. Is the Commission aware of Microsoft's free
2. Is the Commission also aware that failure to register with
3. Does the Commission regard it as acceptable that users of public terminals in universities, libraries or Internet cafes who fail to log off correctly may pass on their confidential information to the next user, that to hire software via the Internet (using Microsoft servers instead of a personal hard disk) access is possible only via
4. Is it lawful for a dominant firm to build up a very extensive database of personal information? Is
5. Can national or European criminal investigators make use of the information collected without prior consent of the individuals concerned or the courts?
6. According to the Commission, is there any call for further regulation in order to make abuses by interested parties or subversion of current privacy rules impossible?
E-0718/02EN
Answer given by Mr Bolkestein
on behalf of the Commission
(7 May 2002)
1-3. The Commission is indeed aware of Microsoft's
4. A company operating in the Union is subject to Community law and may build up a database of personal information, provided the obligations laid down in Directive 95/46/EC of the Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data are respected. These include having a specific, legitimate purpose, informing the individual of identity of the controller of the data, of the purpose of collection and the rights individual has, such as the right to access his/hers own personal data. In cases where consent for processing is required, the Directive requires that it be unambiguous and freely given. The Directive also lays down the obligation to notify such processing operations to national data protection authorities. But the directive also provides for some exemptions from the notification obligation. The Commission is not at present in a position to say whether this processing operation has been notified within the Community.
The question of whether and to what extent the Directive applies to a data base (or in the terms of the Directive a data controller) located outside the Union, especially where data is collected directly from data subjects via the Internet, is a complex one which the Commission and national data protection authorities are at present examining carefully. Article 4.1(c) of the Directive provides for its application where a controller makes use of equipment, automated or otherwise, situated on the territory of a Member State, which means that the Directive does at least in some cases apply to controllers outside the Community. Furthermore specific national rules concerning a third country in which the controller is established may also apply and be enforceable within that jurisdiction. In this respect, Microsoft has notified the US Department of Commerce that it adheres to a privacy policy that meets the Safe Harbor framework.
5. On the basis of legislative measures, criminal investigators can make use of information collected without the prior consent of the individuals concerned or the courts, provided that the rights of defence of the individuals concerned are respected and that the restriction to the right to privacy is strictly necessary for the purpose of the criminal investigation. The information collected during the investigation may moreover only be used to the extent necessary for those purposes.
6. In accordance with Article 33 of the Directive, the Commission is examining the application of Directive 95/46/EC and expects to make a report before the end of the year. The subversion of current rules will be looked into in that context.
Re:A Considerable Knowledge of Dictionaries (Score:3, Informative)
The party of Erik Meijer (SP), the guy who asked that question, _is_ pro full legalisation of softdrugs, though
Re:Personal Data Need to be Regulated (Score:4, Informative)
Nice post. Good to see the moderators were awake on this one.
Basically what you are describing is the EU Privacy Directive. The gist of the Directive is that companies may not store information on you without telling what they need it for, and not more information than is necessary for the purposes they state. Additionally, they are not allowed to give out your data to third parties without express prior consent. The national laws that implement this directive are backed up by the governments. Some are a little easy on violators, but others are terrifyingly strict.
That's why I submitted this story in the first place; there have been a lot of stories lately about how companies treat personal information, and this was a nice way to show that somewhere in the world there are laws against this, and governments willing to back them up. I think the EU is a bureaucratic monstrosity sometimes, but this they got right.
Mart